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Hashing security performance by having an improvement of 9.00% over the original 
Message digest SHA-1 and 3.00% over MSHA-1. The improvement was also tested using 500 
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1. INTRODUCTION 

Cryptographic hash algorithms perform a major part in information security-it is a basis for a secure 
network which includes checking of data integrity [1], [4]. Hash algorithms are used in ensuring data 
integrity [5]. In hashing, a single bit of change from the input shall produce an entirely different hash output 
value [6]. A probability of 50% is the most ideal result in considering a change in the hash output, also 
known as the avalanche effect, but a higher value signifies higher efficiency of the technique [7]. The 
message digest or hash value produced by a hash function provides an assurance that the data during 
transmission will not be altered, because it is computationally infeasible for two distinct messages to have 
equal hash value [8], [9]. The hash value is the condensed representation of the message and acts as a digital 
fingerprint of the message, in which only one hash value should be associated with the message [8]. If the 
hash values differ, the integrity of the message is compromised. Hash is typically applied as integrity 
verification of password protection, security in protocols, file transmission, tamper detection, and digital 
signature [10], [11]. 

The algorithms under Secure Hash Standard Federal Information Processing Standards Publication 
(FIPS PUB 180-4) are as follows: SHA-1, SHA-224, SHA-256, SHA-384 SHA-512, SHA-512/224, and 
SHA-512/256. Outputs of these hash algorithms are 160, 224, 256, 384, 512, 224 and 256 bits, respectively 
[12]. The National Institute of Standards and Technology published the cryptographic hash function Secure 
Hash Algorithm 1 (SHA-1) as (FIPS PUB 180-1) [13] and still belongs to (SHS) (FIPS PUB 180-4) [12]. The 
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SHA-1 algorithm is fast and has 160-bit output [14] and it is commonly used hash algorithm in different 
applications, and is as follows: PGP, SSL/TLS, Digital Signatures, and SSH [1], [15] because of its 
robustness and time efficiency [16]. In 2017, 21% of websites were recorded that SHA 1 is still using for 
the signing of a website’s certificate [17]. The SHA-1 with 160-bit hash value is widely used for file 
fingerprint and verification [18]. 

SHA-1 is considered simple, fast and the most widely used hash algorithm [11] because of 
robustness and time efficiency. However, it suffers from some unexpected weaknesses in the internal 
function and has a low avalanche effect [1], [19]-[21] thus leading to compromised data integrity. Thus, the 
modification of the hash function is essential in order to achieve higher avalanche effect diffusion [19], [22], 
[23]. Enhancements on SHA-1 were made to have better diffusion [24]-[25] but the simulation of results did 
not show the avalanche effect or have shown lower avalanche effect. The addition of MD5 hash to SHA-1 
was also studied [22] but this approach has become suspect since MD5 has been completely broken [26]- 
[27]. Another study enhanced SHA-1 by modifying the message digest to increase the avalanche effect, but 
results revealed an avalanche effect that is lower than the ideal standard of 50% and has not included the 
actual messages used [28]. Another study has enhanced and modified the SHA-1 algorithm (MSHA-1). The 
study increased the hash value by adding 32-bit and modified the internal function in attaining better 
diffusion. Testing showed better diffusion, but hashing time of MSHA-1 was slower by 312.50% [29]. 

This study improves the MSHA-1 by modifying the output bits from 192-bit to 160-bit, with the 
purpose of improving the hashing time and keeping the mixing method in the compression function. The 
specific objectives were as follows: To determine the avalanche effect of the hashing algorithm with 160-bit 
output and mixing method; to evaluate the improvement of enhanced MSHA-1 over the MSHA-1 in terms of 
avalanche effect; to compare the performance of improved MSHA-1 against the MSHA-1 in terms of hashing 
time; to test the effectiveness of the improved MSHA-1 by using a hash test program. The main contribution 
of this work is beneficial to other researchers, because the improvement made on the MSHAI by modifying 
the output 192-bit to 160-bit and the increase of avalanche effect of the improved MSHA-1, therefore when 
used as the hashing mechanism in their chosen application, will increase security and hashing time performance. 


2. RESEARCH METHOD 
2.1. Modification of MSHA-1 algorithm design 
a. Modification on MSHA-1 was incorporated and described in detail below. The improved MSHA-1 160- 
bit hash value with the mixing method 

The modification on MSHA-1. The working 32-bit variables A, B, C, D, E were used to produced 
160-bit hash value, and the mixing method is used in every round to the compression function. This method 
will accept input from variables A, C, and D, and will have a new value to the output variables A’, C’, and 
D', as shown in Figure 1. 





Figure 1. Improved MSHA-1 algorithm with the mixing method 


b. The improved MSHA-1 algorithm process 
— The padding of the message: 
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The length in multiple of 512 bits is the padded message. Number one (1) followed by zero (0) bit 
was added to the original message, and zero (0) number will depend on the message’s original length. The 
binary representation of the original message’s length is the last 64 bits of the previous 512-bit block. 

— The constants and functions: 

The Keyo, Keyi, Key2 ... Keyx and logical functions functo, funct; to funct7> were used as 
constant words, and each func, O < t < 79, the operation of three (3) 32-bit words and the output is 32-bit 
word. The functions and the constants used is shown as: 


func:(B,C,D) = (B && C) Il ((! B) && D) 


Key: = 5A827999 0<t<19 
func(B,C,D)=B^C^D 
Key: = 6ED9EBA1 20 <t<39 
func:(B,C,D) = (B && C) Il (B && D) Il (C && D) eresi 
Key: = 8FIBBCDC 

= A A 
func((B,C,D) =B*C%D aaa 


Key: = CA62C1D6 


— Computing the 160 Message Digest with mixing method: 

The 16 words (Mi) were split by using these variables, Wo, ... W15 

When t = 16 to 79, do W: =S!(Wi.3 XOR W;.3 XOR W:-14 XOR Wi.16). 

Then let A=H;, B=Ho>, until E=Hs, counter = m 

Set t=0 then do the following until t=79 

mix= mixing(A, C, D) 

A’=m1x;C’=m1x;D’=mix 

T1 =S°(A) + fı (B, C, D) +E + W: + Ki: 

E = D’; D = C’; C=S*(B); B = A’; A =T1 

e. nb+= m, then do H; = (H; + A) ^ nb, Ho = (H2 + B) ^ nb, H; = (H; + C) ^ nb, H; = (H; + D) ^ nb, Hs = 
(Hs + E) ^ nb, 

f. The algorithm will produce 160-bit hash value. 


ao Oo ® 


2.2. Testing 
2.2.1. Avalanche effect with the use of mixing method 

The MSHA-1 algorithm was modified using visual basic for applications (VBA). From here, the 
modifications were inserted. Different message sets were considered during the evaluation of improved 
MSHA-1. From these different message sets, the avalanche test was performed. Avalanche effect 
computation is shown in (1) and (2). 


P = © x 100% (1) 
B = 32B; 2) 


2.2.2. Improvement of modified SHA-1 over SHA-1 using different message sets 
a. Message sets 

For performance analysis, the study considered different message sets during the testing. 
Description of the various message sets was as follows: 
Message set 1: message input of 1-bit change. 
First message: 
“@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAA”. 
Second message: 
"CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAA”[22]. 
Message set 2: Difference in only a few bits using the 64-character message set. Dissimilar characters were 
inserted at the Ist, 33", and 64" as shown in Table 1 [30]. 
Message set 3: Input 1:“abc123 owlstead_ 1255” and Input 2 “abc123 owlstead 59131” [31]. 
Message set 4: length differences as input [32], The message pattern was as follows: “a”, ”a a” and “aaa”. 
The message pattern was shown in Table 2. 
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Message 5: Strings of a random message. The message was tested with the following input of characters 
0...9, a...z, and A... Z from 500 random strings generated hash values [33]. 
Message set 6: Common substrings arranged in different orders, as shown in Table 3 [32]. 


Table 1. 64-character message set in difference of a few bits 


No. Message Input 
@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
10 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA @ AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
11 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
12 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
13 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
14 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
15 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
16 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
17 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA @ 
18 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC 
19 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE 
20 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAT 
21 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQ 
22 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAa 
23 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 
24 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA 


OANANINDNBWN KE 


Table 1. The length different 
No. Message Input 


1 a 


23 aaaaaaaaaaaaaaaaaaaaaaa 
24 aaaaaaaaaaaaaaaaaaaaaaaa 


Table 3. Common substrings arranged in different orders 
No. Message Input 


The quick brown fox jump over the lazy dog 


1 
2 quick brown fox jump over the lazy dogThe 
3 brown fox jump over the lazy dogThe quick 
4 fox jump over the lazy dogThe quick brown 
5 jump over the lazy dogThe quick brown fox 
6 over the lazy dogThe quick brown fox jump 
7 the lazy dogThe quick brown fox jump over 
8 lazy dogThe quick brown fox jump over the 
9 dogThe quick brown fox jump over the lazy 
10 dog lazy the over jump fox brown quick The 
11 The dog lazy the over jump fox brown quick 
12 quick The dog lazy the over jump fox brown 
13 brown quick The dog lazy the over jump fox 
14 fox brown quick The dog lazy the over jump 
15 jump fox brown quick The dog lazy the over 
16 over jump fox brown quick The dog lazy the 
17 the over jump fox brown quick The dog lazy 
18 lazy the over jump fox brown quick The dog 
19 The dog quick lazy brown the fox over jump 
20 dog quick lazy brown the fox over jump The 
21 quick lazy brown the fox over jump The dog 
22 lazy brown the fox over jump The dog quick 
23 brown the fox over jump The dog quick lazy 


24 the fox over jump The dog quick lazy brown 
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b. Avalanche effect 

The average avalanche effect of the improved MSHA-1 was compared to MSHA-1 and original 
SHA-1 using the different message sets. The experimental design was shown in Table 4. For each type of 
message, the avalanche percentage was computed for improved MSHA-1, MSHA-1, original SHA-1. 


Table 4. Experimental design 
Message Type 
1-bit change 
The difference in a few bits 
The difference in the last few bits 
Length difference (24 Messages) 
500 Random strings 


Common substrings arranged in different orders 


A BWN Re 


ON 


The percentage of improvement was also calculated to show a comparison in percentage. To 
calculate the percentage of change, the following formula is: 


Original number—New number 


% change = x 100% (3) 


Original number 


2.2.3. Performance of improved MSHA-1 over MSHA-1 in terms of hashing time 
Hashing time was also recorded using 500 random strings for ten trials (n=10). The average time 
was computed in milliseconds. 


3. RESULTS AND DISCUSSION 
3.1. Avalanche effect improved MSHA-1 160-bit hash value 

The avalanche effect was computed using different message sets. The results were shown in 
Figure 2. The avalanche effect average of three algorithms. The results showed that the improved MSHA-1 
was higher than the 50% ideal value by having 51.88%. The increase in the avalanched effect was due to the 
improvement and modification made. 


AVALANCHE EFFECT sie ee 
53,00% vale 
52,00% 
51,00% 
50,00% 
49,00% 
48,00% 
47,00% 
46,00% 
45,00% 
44,00% 


PERCENTAGE 


47,03% 





MSHA-1 sHA-1 Improved 
MSHA-1 


Figure 2. Average avalanche effect of improved MSHA1, MSHA-1 and SHA-1 


3.2. Enhancement of improved MSHA-1 over MSHA-1 using message sets 
3.2.1. Avalanche effect 

Table 5 shows the avalanche percentage of the different message sets. For message type one, the 
improved MSHA-1 achieved 51.88%, while MSHA1 obtained 51.56%, and SHA-1 got 45.63%, as seen in 
Table 4. For message type two, the avalanche effect of the improve MSHA-1 acquired 50.49%, while 
MSHA-1 attained 50.09%, and SHA-1 got 48.37%. For message three, the improved MSHA-1 achieved 
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57.50%, which was very much higher than the 50% ideal value, while MSHA-1 got 50.00% and SHA-1 got 
only 38.75%, which was extremely lower than the ideal value. For message type four, the improved MSHA-1 
achieved 50.49%, MSHA-1 attained 51.13%, and SHA-1 got 49.76%. For message type five, the improved 
MSHA-1 achieved 49.99%, and MSHA-1 got 50.19%, and SHA-1 attained 49.90%. Lastly, for message type 
6, the improved MSHA-1 achieved 50.95%, while MSHA-1 attained 50.23%, and SHA-1 got 49.76%. 
Improved MSHA-1 has better security performance by having an avalanche effect improvement of 9% over 
SHA-1 and 3% over MSHA-1, as shown by the average avalanche value of 51.88% using the improved 
MSHA-1, 50.53% using the MSHA-1 and 47.03% using SHA-1. 


Table 5. Avalanche effect of different message sets of MSHA-1, SHA-1 and improved MSHA-1 


Message Type Avalanche effect (%) 
MSHA-1 SHA-1 Improved MSHA-1 
1 l-bit change 51.56% 45.63% 51.88% 
2 The difference in only a few bits 50.09% 48.37% 50.49% 
3 The difference in the last few bits 50.00% 38.75% 57.50% 
4 Length difference (24 Messages) 51.13% 49.76% 50.49% 
5 500 Random strings 50.19% 49.90% 49.99% 
6 Common substrings arranged in different orders 50.23% 49.76% 50.95% 
Average (%) 50.53% 47.03% 51.88% 


The hash function test program was used to test the effectiveness of the improved MSHA-1, as 
shown in Figure 3 [34]. The function will count the duplicate hash values of the one thousand inputted hashes 
that have been produced by the improved MHSA-1. Based on the output, it was clearly shown that there were 
no duplicates hash values found from the hash values produced by the improved MSHA-1 algorithm. 





Figure 3. Improved MSHA-1 hash function test 


3.3. Performance of MSHA-1 vs SHA-1 in terms of hashing time 

Hashing time was also recorded using 500 random strings for ten trials (n=10). The average time 
was computed in milliseconds. Figure 4 shows the average hashing time of the improved MSHA-1 and 
MSHA-1. The time difference of the improved MSHA-1 and MSHA-1 was computed using 500 random 
strings as a message set. Time was noted for ten trials, as shown in Table 6. The average time noted for 
improved MSHA-1 was 878.85ms, while MSHA-1 was 1151.52ms. The hashing time of improved MSHA-1 
has better hashing time performance, as indicated by a 31.03% improvement. 


Hashing time in ms 


E MSHAL E Improved MSHA-1 





Figure 4. Average hashing time of the 24 messages in milliseconds 
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Table 6. Average hashing time of the 500 random strings in milliseconds 


Trials n=10 MSHA-1 Improved MSHA-1 
1 1484.38 765.63 
2 1109.38 953.13 
3 1007.81 968.75 
4 1015.63 867.19 
5 1078.13 843.75 
6 1023.44 882.81 
7 1085.94 828.13 
8 1031.25 875.00 
9 1156.25 828.13 
10 1523.00 976.00 
Average (ms) 1151.52 878.85 


4. CONCLUSION 

From the summary of findings and results presented in the previous section, the following can be 
concluded that improved MSHA-1 with 160-bit hash value and using the mixing method resulted in an 
avalanche effect of 51.88%. Compared to the original SHA-1 and MSHA-1, the improved MSHA-1 
performed better by having an avalanche effect improvement of 9.00 % over the SHA-1 and 3% over 
MSHA-1. Compared to the MSHA-1, the hashing time of improved MSHA-1 has a better performance by 
having a 31.03% improvement. The improved MSHA-1 showed no duplicates using the hash test program. 
These results show that the modification and improvement made on the MSHA-1 algorithm enhanced 
security and improved the hashing time performance. As an offshoot of this study, further researches may be 
undertaken by modifying MSHA-1 hash through lessening the number of rounds to improve more the 
hashing time performance. 
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